You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Haley Reeve (JIRA)" <ji...@apache.org> on 2019/02/13 19:13:00 UTC
[jira] [Commented] (SENTRY-2497) show grant role results in NPE
when URI does not have scheme
[ https://issues.apache.org/jira/browse/SENTRY-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16767476#comment-16767476 ]
Haley Reeve commented on SENTRY-2497:
-------------------------------------
What I'm not sure about yet is what behavior is desired when the scheme is null. From the testing me and [~arjunmishra13] did it seems like local URIs can optionally not have a scheme, but I don't know if that's the only case where the scheme might be null.
> show grant role results in NPE when URI does not have scheme
> ------------------------------------------------------------
>
> Key: SENTRY-2497
> URL: https://issues.apache.org/jira/browse/SENTRY-2497
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 2.0.0
> Reporter: Haley Reeve
> Assignee: Haley Reeve
> Priority: Major
>
> Sentry throws a NullPointerException when trying to run "show grant role" on a URI with no scheme associated with it. You can see the stacktrace in the HS2 logs:
> {noformat}
> HS2 logs are showing the stacktrace:
> 2019-02-08 05:53:58,650 INFO org.apache.hadoop.hive.ql.Driver: [HiveServer2-Background-Pool: Thread-84]: Executing command(queryId=hive_20190208
> 055358_a283626f-c906-4bd1-be50-43e2e9a6949b): show grant role uritest
> 2019-02-08 05:53:58,651 INFO org.apache.hadoop.hive.ql.Driver: [HiveServer2-Background-Pool: Thread-84]: Starting task [Stage-0:DDL] in serial m
> ode
> 2019-02-08 05:53:58,661 ERROR hive.ql.exec.DDLTask: [HiveServer2-Background-Pool: Thread-84]: java.lang.NullPointerException
> at org.apache.sentry.binding.util.SentryAuthorizerUtil.isLocalUri(SentryAuthorizerUtil.java:283)
> at org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeObject(SentryAuthorizerUtil.java:267)
> at org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeInfo(SentryAuthorizerUtil.java:220)
> at org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivilegesByPrincipal(DefaultSentryAccessController.java:279)
> at org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivileges(DefaultSentryAccessController.java:213)
> at org.apache.sentry.binding.hive.authz.SentryHiveAuthorizerImpl.showPrivileges(SentryHiveAuthorizerImpl.java:146)
> at org.apache.hadoop.hive.ql.exec.DDLTask.showGrants(DDLTask.java:746)
> at org.apache.hadoop.hive.ql.exec.DDLTask.execute(DDLTask.java:527)
> at org.apache.hadoop.hive.ql.exec.Task.executeTask(Task.java:199)
> at org.apache.hadoop.hive.ql.exec.TaskRunner.runSequential(TaskRunner.java:97)
> at org.apache.hadoop.hive.ql.Driver.launchTask(Driver.java:2250)
> at org.apache.hadoop.hive.ql.Driver.execute(Driver.java:1893)
> at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1613)
> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1332)
> ...
> 2019-02-08 05:53:58,663 ERROR org.apache.hadoop.hive.ql.Driver: [HiveServer2-Background-Pool: Thread-84]: FAILED: Execution Error, return code 1
> from org.apache.hadoop.hive.ql.exec.DDLTask. null
> {noformat}
> This appears to be happening because the show grant role logic is trying to construct a HivePrivilegeObject, which it wasn't doing in 1.8.0, and assumes the URI will have a scheme. See:
> {noformat}
> public static boolean isLocalUri(String uriString) throws URISyntaxException {
> URI uri = new URI(uriString);
> if (uri.getScheme().equalsIgnoreCase("file")) {
> return true;
> }
> return false;
> }
> {noformat}
> Because uri.getScheme() can return null, the equalsIgnoreCase() can result in an NPE.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)